That's just their excuse. Javascript is used on practically every web browser in existence, across billions of devices, and it does not have the security risks that Apple claims. It just doesn't. There are plenty of other flaws in their own web browser that have allowed remote code execution, but Javascript isn't typically one of them, in any browser, in any platform, in the last decade or more.
And there are plenty of apps in Apple's app store that are malicious. So the JIT excuse is just Applespeak for "we control what our competitors can do on hardware we supplied that someone bought and paid for". It's abuse and they are being sued by the DOJ. Just read the lawsuit so I don't have to reply to any more of your comments:
First, are you a security expert? If so, please provide your bona fides. Apple employs some of the brightest software and hardware security experts in the business. (Cellebrite can attest to this; they possess far fewer capabilities to crack iPhones than every other phone on the market.) If they perceive handling out JIT capabilities to apps as risky, I believe them. You, on the other hand, come with no evidence to the contrary other than a bare assertion.
Second, I already told you that there is no claim in the complaint that Apple is withholding Safari features in order to pad its apps business. If you believe otherwise, please provide relevant passages from the complaint.
Third, you’ve never had to reply to any of my comments. That’s on you.
>First, are you a security expert? If so, please provide your bona fides.
Nice goalpost move. I'm not playing that game with you.
>Apple employs some of the brightest software and hardware security experts in the business.
And yet Safari still gets hacked.
From the DOJ lawsuit:
16. Apple wraps itself in a cloak of privacy, security, and consumer preferences to
justify its anticompetitive conduct. Indeed, it spends billions on marketing and branding to
promote the self-serving premise that only Apple can safeguard consumers’ privacy and security
interests. Apple selectively compromises privacy and security interests when doing so is in
Apple’s own financial interest—such as degrading the security of text messages, offering
governments and certain companies the chance to access more private and secure versions of app
stores, or accepting billions of dollars each year for choosing Google as its default search engine
when more private options are available. In the end, Apple deploys privacy and security
justifications as an elastic shield that can stretch or contract to serve Apple’s financial and
business interests.
>If they perceive handling out JIT capabilities to apps as risky, I believe them. You, on the other hand, come with no evidence to the contrary other than a bare assertion.
You are influenced by the reality distortion field, that much is clear, no conversation can be had with a cult member. Have a nice day.
IAAL with experience interpreting Federal antitrust complaints. Allegation 16 is not a specific allegation that Apple deliberately withholds features from Safari in order to steer developers toward building apps. It’s a “narrative” paragraph that is intended to characterize Apple’s overall behavior. It alleges that Apple is self-serving, which, at the end of the day, isn’t really that surprising for an American business enterprise, and isn’t in itself unlawful.
> yet Safari still gets hacked
Talk about moving goalposts.
Every browser to date has had security vulnerabilities, and all the major vendors respond to close them when found to impact customers. Expecting Apple—or any developer for that matter—to have a perfect track record is unrealistic. Moreover, a large part of improving overall security is defense in depth, and it’s unreasonable to expect a vendor obsessed with security on its customers’ behalf to intentionally disable one of its defenses if it’s a known vulnerability vector.
I’m not a member of some Apple cult. There are plenty of things I don’t like about Apple; and no company is perfect. At any rate, name-calling one’s opponents isn’t allowed here, and when a discussion stoops to that nadir, I’m out. I’ll let the reader decide who has the better argument.
>IAAL with experience interpreting Federal antitrust complaints
If so, please provide your bona fides. But you won't.
>Apple employs some of the brightest software and hardware security experts in the business.
16. Apple wraps itself in a cloak of privacy, security, and consumer preferences to justify its anticompetitive conduct. Indeed, it spends billions on marketing and branding to promote the self-serving premise that only Apple can safeguard consumers’ privacy and security interests.
I provided the section of the DOJ lawsuit that states that Apple's portrayal of their security stance is nothing more than posturing and anti-competitive. You seem to think Apple are the absolute best in security, but they aren't even close to that. I don't believe that you are a lawyer and more than you believe that I am a security expert.
> You seem to think Apple are the absolute best in security, but they aren't even close to that.
Repeating this opinion ad nauseum doesn’t make it any more true. I already provided Cellebrite as evidence; where’s yours? (No, the fact that security vulnerabilities continue to be filed will not suffice. Security is best judged by the scope of and injury caused by successful exploits.)
> If so, please provide your bona fides. But you won't.
Happy to call your bluff. Send me an email and I’ll send you my California Bar license. otterley at otterley dot org
And there are plenty of apps in Apple's app store that are malicious. So the JIT excuse is just Applespeak for "we control what our competitors can do on hardware we supplied that someone bought and paid for". It's abuse and they are being sued by the DOJ. Just read the lawsuit so I don't have to reply to any more of your comments:
https://www.justice.gov/archives/opa/media/1344546/dl?inline